General
- Target: terraexe.zip
- Size: 417KB
- Sample: 220218-slnk6acfd3
- MD5: 7972608f353d941444468e979cc4e4c1
- SHA1: d97cebbced591c30e81bbb4ea1895dbea253ca01
- SHA256: 24fcb8c70808a0db73b4d4daf9ca892b74ee892125f14469c57634ac32529b94
- SHA512: 5a98a2087fd81a5aebf4122ad619476b306973ae2c064087da9fe2df14229a649f4a5fa32a0584ff3bc7b0ef004f977a9fa84425b594b88ee98c21b191ee4c6c
Static task: static1
Behavioral task: behavioral1
Sample: 9c94a994f2dfac218cbd59754747c05e6cb20989b92741a605a867931e4fb43b.exe
Resource: win7-en-20211208
Malware Config
Extracted
vidar
9.5
237
http://bestpolandhotels.com/
- profile_id: 237
Targets
- Target: 9c94a994f2dfac218cbd59754747c05e6cb20989b92741a605a867931e4fb43b.bin
- Size: 612KB
- MD5: a075d490db034796f60d7d1fc7920f96
- SHA1: 96b34950575a53a1271d2fc3833cc6b515f8ece4
- SHA256: 9c94a994f2dfac218cbd59754747c05e6cb20989b92741a605a867931e4fb43b
- SHA512: f5af647587e953a28eb84c6c155d0f66ae18a456912dadc90e9f9f1516c9c4eba274df6a4f2bf76413cab9475d18e1dcceff2d481ce95f81d86f741d34eb4540
- Vidar Stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.